Biden Adviser On Cyber Threats And The New Executive Order To Combat Them
MARY LOUISE KELLY, HOST:
And I'm Mary Louise Kelly in Washington, where if you head to the gas station two blocks from my house, you will find handwritten empty signs taped to the pumps. Thousands of gas stations have run dry, mostly across southeastern states - this following the cyberattack that forced Colonial Pipeline to shut down. Now, that pipeline delivers nearly half the gasoline and jet fuel for the U.S. east coast. It is now running again, but the attack highlights the vulnerability of America's critical infrastructure. And it has led, along with other recent breaches, to President Biden signing a new executive order on cybersecurity. Well, the senior White House adviser in charge of the cyber response is Anne Neuberger, and she joins us now from the White House.
Anne Neuberger, welcome.
ANNE NEUBERGER: Thank you so much, Mary Louise. It's great to be here with you today.
KELLY: So there is a lot packed into this executive order that y'all have just rolled out. If you would give us the top line in a few sentences, what will change here to prevent future attacks?
NEUBERGER: Absolutely. First, it rolls out high-impact cyberdefenses that make it harder to compromise and operate on a hack network across the federal government. Second, it improves the security of commercial software by establishing baseline security requirements for those selling to the government. And this - we, the government, private sector, uses the same software. So as a result, we expect this requirement to raise software security across supply chains. And third, it ensures the federal government is in a position to respond quickly when breaches do happen and then learn from those incidents. So it addresses barriers to information-sharing and also establishes a cyber incident review board that will convene following an incident to analyze what happened and make recommended improvements going forward.
KELLY: I also noticed the Justice Department has set up a new task force or will set up a new task force to prosecute hackers. If these people are overseas, how does it work for hackers who are in Russia, which would appear to be a recurring problem?
NEUBERGER: Mary Louise, you identify one key aspect of addressing cyberattacks, which is there's an us aspect, and that was really the root of the executive order. How do we ensure we're more secure? And then there's a them aspect. How do we ensure we hold perpetrators accountable, whether they're criminal or nation states? So a part of that is certainly, as a collective of countries, look and say, countries that have criminal ransomware attackers hosted in their countries need to do more to really bring those to account.
KELLY: And that's the challenge - right? - because the U.S. has been trying to figure out how to get Russia to decide this is a bad idea. I know the U.S. has formally named Russia in the SolarWind (ph) attack. In the case of Colonial Pipeline, yes, I know the president says the hackers are in Russia. Even if the Russian government isn't involved, they have some responsibility to shut this down, but how? I mean, nothing the U.S. has tried so far has - at least what we've been able to see publicly - caused them to rethink this.
NEUBERGER: Ransomware is a difficult problem. And let's focus on two aspects here. So first, you know, the prolific payment of ransoms encourages ransomware, and that's one of the reasons the U.S. government's position is not to pay ransoms. In addition to that, you may have seen a number of months ago, the FBI worked with law enforcement partners around the world to disrupt ransomware infrastructure of two particularly pernicious strains.
KELLY: There are reports out today that Colonial Pipeline did pay nearly $5 million ransom. Can you confirm that?
NEUBERGER: I'm not going to comment on that.
KELLY: But the administration has been actively involved in helping them get their operations up and running again.
NEUBERGER: Absolutely. We've been committed to providing any and all support Colonial needed to ensure they could rapidly restart their pipeline and ensure that the impact of this ransomware attack and of Colonial's proactive decision to take down the broader pipeline is rapidly addressed.
KELLY: I mean, the tension here for a company like Colonial Pipeline is they need to get their pipeline up and running. I understand the temptation to pay ransom. Your point is that that will encourage more of these attacks in future, and then things escalate.
NEUBERGER: Ransomware is a difficult problem. We discourage the payment of ransoms, and we also understand that sometimes companies are in a difficult place if they don't have backups and if they have significant impact from ransomware. And as a result, we need to look creatively to say, how do we absolutely reduce the scourge of ransomware? And it's something we're committed to doing.
KELLY: And I guess that circles back to the question of deterrence. If I'm a Russian hacker watching what just played out in the U.S. this week, watching a hack that crippled gas supply to the eastern coast of the United States and watching a company that reportedly paid a ransom, what would deter me from thinking this would be a good idea to try again?
NEUBERGER: First, it begins with resilience. I hope that each company, each government agency that looks at the events over the last week and, really, at the number of incidents that have occurred recognize the need for us to build secure and resilient digital infrastructure. And then in addition, as you saw in SolarWinds, as you saw in the president's remarks today, the administration will look to hold perpetrators accountable via a variety of means.
KELLY: Deputy national security adviser for cyber and emerging technology Anne Neuberger, speaking to us there from the White House.
NEUBERGER: Thank you, Mary Louise. Transcript provided by NPR, Copyright NPR.